Copy for the Elected Office (EO/US)
PATENT COOPERATION TREATY



PCT/FI00/00421 



From the INTERNATIONAL BUREAU 



PCT 

NOTIFICATION OF THE RECORDING 
OF A CHANGE 

(PCT Rule 92bis.1 and 
Administrative Instructions, Section 422) 


To: 

BERGGREN OY AB

P.O. Box 16

FIN-00101 Helsinki
FINLANDE


Date of mailing (day/month/year) 
05 December 2001 (05.12.01)


Applicant's or agent's file reference 
49769 


IMPORTANT NOTIFICATION 


International application No. 
PCT/FI00/00421


International filing date (day/month/year) 
11 May 2000 (11.05.00)



Name and Address 


State of Nationality 


State of Residence 


NOKIA NETWORKS OY 
P.O. Box 300 
FIN-00045 Nokia Group 
Finland 


FI


FI


Telephone No. 
+358-9-51121 




Facsimile No. 






+ 358-9-51168080 






Teleprinter No. 



1. The following indications appeared on record concerning: 

| | the inventor | | the agent



| X | the applicant



common representative 



2. The International Bureau hereby notifies the applicant that the following change has been recorded concerning: 

| | the name | | the address | | the nationality | | the residence



the person 



Name and Address 

NOKIA CORPORATION 
Keilalahdentie 4 
FIN-02150 Espoo 
Finland 



State of Nationality 
FI



State of Residence 
FI



Telephone No. 



Facsimile No. 



Teleprinter No. 



3. Further observations, if necessary: 



4. A copy of this notification has been sent to: 
| X | the receiving Office 
| | the International Searching Authority 
| | the International Preliminary Examining Authority 



| ^ the designated Offices concerned 
| X | the elected Offices concerned

| | other:





Authorized officer 


The International Bureau of WIPO 


34, chemin des Colombettes 


Marie-Jose DEVILLARD 


1211 Geneva 20, Switzerland 




Facsimile No.: (41-22) 740.14.35 


Telephone No.: (41-22) 338.83.38 


Form PCT/IB/306 (March 1994) 


004510480 



The demand must be filed directly with the competent International Preliminary Examining Authority or, if two or more Authorities are competent,
with the one chosen by the applicant. The full name or two-letter code of that Authority may be indicated by the applicant on the line below:
EPEA/EEPP 



PCT 

DEMAND 

under Article 31 of the Patent Cooperation Treaty:
The undersigned requests that the international application specified below be the subject of 
international preliminary examination according to the Patent Cooperation Treaty and 
hereby elects all eligible States (except where otherwise indicated). 



CHAPTER II 



Identification of IPEA 



For International Preliminary Examining Authority use only 
| Date of receipt of DEMAND 



Box No. I IDENTIFICATION OF THE INTERNATIONAL APPLICATION 


Applicant's or agent's file reference 
49769/ML/JK/MM 


International application No. 
PCT/FI00/00421 


International filing date (day/month/year) 
11 May 2000 (11.5.00) 


(Earliest) Priority date (day/month/year) 
11 May 1999 (11.5.99) 


Title of invention 

INTEGRITY PROTECTION METHOD FOR RADIO NETWORK SIGNALING 


Box No. II APPLICANT(S)


Name and address: (Family name followed by given name; for a legal entity, full official designation. 
The address must include postal code and name of country) 

NOKIA NETWORKS OY 
P.O. Box 300 

FIN-00045 NOKIA GROUP 
Finland 

* 


Telephone No.: 


Facsimile No.: 


Teleprinter No.: 



State (that is, country) of nationality:


State (that is, country) of residence:


Finland


Finland 


Name and address: (Family name followed by given name; for a legal entity, full official designation. The address must include postal code and name of country.) 


NIEMI, Valtteri 




Itamerenkatu 11-13 




FIN-00180 HELSINKI




Finland 




State (that is, country) of nationality: 


State (that is, country) of residence: 


Finland 


Finland 


Name and address: (Family name followed by given name; for a legal entity, full official designation. The address must include postal code and name of country) 


RAJANIEMI, Jaakko 




Lapinrinne 2 A 11




FIN-00180 HELSINKI




Finland 




State (that is, country) of nationality:


State (that is, country) of residence:


Finland


Finland 


| X | Further applicants are indicated on a continuation sheet



Form PCT/IPEA/401 (first sheet) (July 1998; reprint January 2000) 



See Notes to the demand form 



Sheet No. 2. 



International application No. 

PCT/FI00/00421 



Continuation of Box No. II APPLICANT(S) 



If none of the following sub-boxes is used, this sheet should not be included in the demand 



Name and address: (Family name followed by given name; for a legal entity, full official designation. The address must include postal code and name of country.)

MUHONEN, Ahti 
Holperintie 39 
FIN-04680 HIRVIVAARA 
Finland 



State (that is, country) of nationality:


State (that is, country) of residence:


Finland 




Finland 



Name and address: (Family name followed by given name; for a legal entity, full official designation. The address must include postal code and name of country.)



State (that is, country) of nationality: 



State (that is, country) of residence: 



Name and address: (Family name followed by given name: for a legal entity, full official designation. The address must include postal code and name of country.) 



State (that is, country) of nationality: 



State (that is, country) of residence: 



Name and address: (Family name followed by given name; for a legal entity, full official designation. The address must include postal code and name of country.)



State (that is, country) of nationality:



State (that is, country) of residence: 



Further applicants are indicated on another continuation sheet. 



Form PCT/IPEA/401 (continuation sheet) (July 1998; reprint January 2000)



See Notes to the demand form 



Sheet No. 3

International application No. PCT/FI00/00421



Box No. III AGENT OR COMMON REPRESENTATIVE; OR ADDRESS FOR CORRESPONDENCE



The following person is | X | agent | | common representative

and | X | has been appointed earlier and represents the applicant(s) also for international preliminary examination.

| | is hereby appointed and any earlier appointment of (an) agent(s)/common representative is hereby revoked.

| | is hereby appointed, specifically for the procedure before the International Preliminary Examining Authority, in addition to
the agent(s)/common representative appointed earlier.



Name and address: (Family name followed by given name; for a legal entity, full official designation. 
The address must include postal code and name of country.) 



BERGGREN OY AB 
P.O. Box 16 
FIN-00101 HELSINKI 
Finland 



Telephone No.: 
+358-9-693701 



Facsimile No.: 

+358-9-6933944 



Teleprinter No.: 



□ Address for correspondence: Mark this check-box where no agent or common representative is/has been appointed and the
space above is used instead to indicate a special address to which correspondence should be sent.



Box No. IV BASIS FOR INTERNATIONAL PRELIMINARY EXAMINATION 



Statement concerning amendments:* 

1 . The applicant wishes the international preliminary examination to start on the basis of: 
! I the international application as originally filed 
the description j^J as originally filed 

1 | as amended under Article 34 

the claims 1 j as originally filed 

1 | as amended under Article 19 (together with any accompanying statement) 
as amended under Article 34 



the drawings j j as originally filed 

• j as amended under Article 34 

2. 1 ! The applicant wishes any amendment to the claims under Article 19 to be considered as reversed. 

3. | j The applicant wishes the start of the international preliminary examination to be postponed until the expiration of 20 months 

~* from the priority date unless the International Preliminary Examining Authority receives a copy of any amendments made 
under Article 19 or a notice from the applicant that he does not wish to make such amendments (Rule 69.1(d)). (This check- 
box may be marked only where the time limit under Article 19 has not yet expired.) 

* Where no check-box is marked, international preliminary examination will start on the basis of the international application 
as originally filed or, where a copy of amendments to the claims under Article 19 and/or amendments of the international application 
under Article 34 are received by the International Preliminary Examining Authority before it has begun to draw up a written opinion
or the international preliminary examination report, as so amended. 



Language for the purposes of international preliminary examination: English
[*j which is the language in which the international application was filed. 
I j which is the language of a translation furnished for the purposes of international search. 
1 * : which is the language of publication of the international application. 

| ; which is the language of the translation (to be) furnished for the purposes of international preliminary examination. 



Box No. V ELECTION OF STATES 



The applicant hereby elects all eligible States (that is, all States which have been designated and which are bound by Chapter II of 
the PCT) 

excluding the following States which the applicant wishes not to elect: 



Form PCT/IPEA/401 (second sheet) (July 1998; reprint January 2000)



See Notes to the demand form 



Sheet No. 9 



International application No. 

PCT/FI00/00421 



Box No. VI CHECKLIST



The demand is accompanied by the following elements, in the language referred to in 
Box No. IV, for the purposes of international preliminary examination: 



1 . translation of international application 

2. amendments under Article 34 

3. copy (or, where required, translation) of 
amendments under Article 19 

4. copy (or, where required, translation) of 
statement under Article 19 

5. letter 

6. other (specify) 



sheets 
sheets 

sheets 

sheets 
sheets 
sheets 



For International Preliminary 
Examining Authority use only 



received 

□ 

□ 

□ 

□ 
" □ 
□ 



not received 

• □ 
□ 

□ 

□ 
□ 
□ 



The demand is also accompanied by the item(s) marked below:

1. | X | fee calculation sheet

2. | I separate signed power of attorney 

3. | I copy of general power of attorney; 
1 reference number, if any: 



4. | | statement explaining lack of signature 

5. | | nucleotide and/or amino acid sequence listing in
computer readable form 

6. | | other (specify): 



Box No. VII SIGNATURE OF APPLICANT, AGENT OR COMMON REPRESENTATIVE

Next to each signature, indicate the name of the person signing and the capacity in which the person signs (if such capacity is not obvious from reading the demand).



BERGGREN OY AB 



7 December 2000 



For International Preliminary Examining Authority use only
1. Date of actual receipt of DEMAND: 




Juhani Kupiainen 
Patent Agent



2. Adjusted date of receipt of demand due 
to CORRECTIONS under Rule 60.1(b): 



3. □ The date of receipt of the demand is AFTER the expiration of 19 months
from the priority date and item 4 or 5, below, does not apply. □ The applicant has been informed accordingly.

4. □ The date of receipt of the demand is WITHIN the period of 19 months from the priority date as extended by virtue of
Rule 80.5.

5. □ Although the date of receipt of the demand is after the expiration of 19 months from the priority date, the delay in arrival
is EXCUSED pursuant to Rule 82.



For International Bureau use only
Demand received from IPEA on: 



Form PCT/IPEA/401 (last sheet) (July 1998; reprint January 2000)



See Notes to the demand form



PCT 



CHAPTER II 



International 
application No. 



FEE CALCULATION SHEET 
Annex to the Demand for international preliminary examination 

For International Preliminary Examining Authority use only



PCT/FI00/00421



Applicant's or agent's 
file reference 



49769/ML/JK/MM



Date stamp of the IPEA 



Applicant 



NOKIA NETWORKS OY 



Calculation of prescribed fees 



1 . Preliminary examination fee 



EUR 1533 



2. Handling fee (Applicants from certain States are
entitled to a reduction of 75% of the handling fee.
Where the applicant is (or all applicants are) so entitled,
the amount to be entered at H is 25% of the
handling fee.)



3. Total of prescribed fees 

Add the amounts entered at P and H 
and enter total in the TOTAL box 



EUR 147 



H 



EUR 1680 



TOTAL 



Mode of Payment 



i j 


authorization to charge deposit
account with the IPEA (see below) 


□ 


cash 


□ 


cheque 


□ 


revenue stamps 


□ 


postal money order 


□ 


coupons 




bank draft 


□ 


other (specify): 



Bank transfer to account 
157230-340380 



Deposit Account Authorization (this mode of payment may not be available at all IPEAs) 

The IPEA/EPO is hereby authorized to charge the total fees indicated above to my deposit account.

(this check-box may be marked only if the conditions for deposit accounts of the IPEA so permit) is hereby 

authorized to charge any deficiency or credit any overpayment in the total fees indicated above to 

my deposit account. 



Deposit Account Number 



Date (day/month/year) 



Signature 



Form PCT/IPEA/401 (Annex) (July 1998; reprint January 2000) 



See Notes to the fee calculation sheet 



PCT REQUEST 



1/4



Original (for SUBMISSION) - printed on 11.05.2000 09:31:37 AM



/0096 



49769



0        For receiving Office use only
0-1      International Application No.
0-2      International Filing Date
0-3      Name of receiving Office and "PCT International Application"
0-4      Form - PCT/RO/101 PCT Request
0-4-1    Prepared using: PCT-EASY Version 2.90 (updated 08.03.2000)
0-5      Petition: The undersigned requests that the present international application be processed according to the Patent Cooperation Treaty
0-6      Receiving Office (specified by the applicant): National Board of Patents and Registration (Finland) (RO/FI)
0-7      Applicant's or agent's file reference: 49769
I        Title of invention: INTEGRITY PROTECTION METHOD FOR RADIO NETWORK SIGNALING
II       Applicant
II-1     This person is: applicant only
II-2     Applicant for: all designated States except US
II-4     Name: NOKIA NETWORKS OY
II-5     Address: P.O. Box 300
                  FIN-00045 Nokia Group
                  Finland
II-6     State of nationality: FI
II-7     State of residence: FI
II-8     Telephone No.: +358-9-51121
II-9     Facsimile No.: +358-9-51168080
III-1    Applicant and/or inventor
III-1-1  This person is: applicant and inventor
III-1-2  Applicant for: US only
III-1-4  Name (LAST, First): NIEMI, Valtteri
III-1-5  Address: Itamerenkatu 11-13
                  FIN-00180 Helsinki
                  Finland
III-1-6  State of nationality: FI
III-1-7  State of residence: FI



2/4 

PCT REQUEST 49769 

Original (for SUBMISSION) - printed on 11.05.2000 09:31:37 AM



III-2    Applicant and/or inventor
III-2-1  This person is: applicant and inventor
III-2-2  Applicant for: US only
III-2-4  Name (LAST, First): RAJANIEMI, Jaakko
III-2-5  Address: Lapinrinne 2 A 11
                  FIN-00180 Helsinki
                  Finland
III-2-6  State of nationality: FI
III-2-7  State of residence: FI
III-3    Applicant and/or inventor
III-3-1  This person is: applicant and inventor
III-3-2  Applicant for: US only
III-3-4  Name (LAST, First): MUHONEN, Ahti
III-3-5  Address: Holperintie 39
                  FIN-04680 Hirvivaara
                  Finland
III-3-6  State of nationality: FI
III-3-7  State of residence: FI
IV-1     Agent or common representative; or address for correspondence
         The person identified below is hereby/has been appointed to act on behalf of the applicant(s) before the competent International Authorities as: agent
IV-1-1   Name: BERGGREN OY AB
IV-1-2   Address: P.O. Box 16
                  FIN-00101 Helsinki
                  Finland
IV-1-3   Telephone No.: +358-9-693701
IV-1-4   Facsimile No.: +358-9-6933944
IV-1-5   e-mail: email.box@berggren.fi
V        Designation of States
V-1      Regional Patent (other kinds of protection or treatment, if any, are specified between parentheses after the designation(s) concerned)
         AP: GH GM KE LS MW SD SL SZ TZ UG ZW and any other State which is a Contracting State of the Harare Protocol and of the PCT
         EA: AM AZ BY KG KZ MD RU TJ TM and any other State which is a Contracting State of the Eurasian Patent Convention and of the PCT
         EP: AT BE CH&LI CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE and any other State which is a Contracting State of the European Patent Convention and of the PCT
         OA: BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG and any other State which is a member State of OAPI and a Contracting State of the PCT



PCT REQUEST 



3/4 



Original (for SUBMISSION) - printed on 11.05.2000 09:31:37 AM



49769 



National Patent 

(other kinds of protection or treatment, if 
any, are specified between parentheses 
after the designation(s) concerned) 



AE AG AL AM AT AU AZ BA BB BG BR BY CA
CH&LI CN CR CU CZ DE DK DM DZ EE ES FI
GB GD GE GH GM HR HU ID IL IN IS JP KE
KG KP KR KZ LC LK LR LS LT LU LV MA MD
MG MK MN MW MX NO NZ PL PT RO RU SD SE
SG SI SK SL TJ TM TR TT TZ UA UG US UZ
VN YU ZA ZW



Precautionary Designation Statement 
In addition to the designations made 
under items V-1 , V-2 and V-3, the 
applicant also makes under Rule 4.9(b) 
all designations which would be
permitted under the PCT except any 
designation(s) of the State(s) indicated 
under item V-6 below. The applicant 
declares that those additional 
designations are subject to confirmation 
and that any designation which is not 
confirmed before the expiration of 15
months from the priority date is to be 
regarded as withdrawn by the applicant 
at the expiration of that time limit 



Exclusion(s) from precautionary 
designations 



NONE 



Priority claim of earlier national 
application 

Filing date 

Number 
Country 



11 May 1999 (11.05.1999) 

991088 

FI 



Priority document request 

The receiving Office is requested to 
prepare and transmit to the International 
Bureau a certified copy of the earlier 
application(s) identified above as

item(s): 



VI-1 



International Searching Authority 
Chosen 



European Patent Office (EPO) (ISA/EP) 



Check list 



number of sheets 



electronic file(s) attached 



Request 



Description 



11 



Claims 



Abstract 



49769.txt 



Drawings 



2 



TOTAL 



19 



Accompanying items 



paper document(s) attached 



electronic file(s) attached 



Fee calculation sheet 



Separate signed power of attorney 



Copy of general power of attorney 



PCT-EASY diskette 



diskette 



Other (specified): 



Copy of Official 
Action in FI 991088 



Figure of the drawings which should 
accompany the abstract 



4/4 

PCT REQUEST 

Original (for SUBMISSION) - printed on 11.05.2000 09:31:37 AM



VIIM9 


Language of filing of the international 
application 


English 


IX-1-1 
IX- 1-2 
IX- 1-3 


Signature of applicant or agent 

Name 

Name of signatory 
Capacity 


BERGGREN OY AB 
Markus Levi in 
Patent Agent


FOR RECEIVING OFFICE USE ONLY 


10-1 


Date of actual receipt of the 
purported international application 




10-2 

10-2-1 
10-2-2 


Drawings: 
Received 
Not received 




10-3 


Corrected date of actual receipt due 
to later but timely received papers or 
drawings completing the purported 
international application 




10-4 


Date of timely receipt of the required 
corrections under PCT Article 11(2)




10-5 


International Searching Authority


ISA/EP 


10-6 


Transmittal of search copy delayed 
until search fee is paid 




FOR INTERNATIONAL BUREAU USE ONLY 


11-1


Date of receipt of the record copy by
the International Bureau





1/2 

PCT (ANNEX - FEE CALCULATION SHEET) 

Original (for SUBMISSION) - printed on 11.05.2000 09:31:37 AM

(This sheet is not part of and does not count as a sheet of the international application) 



49769 



0 

0-1 


For receiving Office use only 

International Application No. 




0-2 


Date stamp of the receiving Office 






0-4 

0-4-1 


Form - PCT/RO/101 (Annex)
PCT Fee Calculation Sheet 

Prepared using 


PCT-EASY Version 2.90 
(updated 08.03.2000) 


0-9 


Applicant's or agent's file reference 


49769 


2 


Applicant 


NOKIA NETWORKS OY, et al . 


12 

12-1 

12-2 
12-3 

12-4 
12-5 
12-6 
12-7 
12-8 

12-9 

12-10 
12-11 
12-12 
12-13 
12-14 

12-15 
12-16 


Calculation of prescribed fees 


fee amount/multiplier


total amounts (FIM) 




Transmittal fee T 


=> 


800 




Search fee S 


<=> 


5 618,71 




International fee 
Basic fee 
(first 30 sheets) b1 


2 431,8 


t 


Remaining sheets 


0 


Additional amount (X) 


53,51 


Total additional amount b2 


0 


b1 + b2 = B 


2 431,8 


Designation fees 
Number of designations contained 
in international application 


85 


Number of designation fees 
payable (maximum 8) 


8 


Amount of designation fee (X) 


523,22 


Total designation fees D 


4 185,76 


PCT-EASY fee reduction R 


-749,16 


Total International fee (B+D-R) I




5 868,4 




Fee for priority document 

Number of priority documents 
requested 


1 




Fee per document (X) 


422 


Total priority document fee P 




422 




12-17 


TOTAL FEES PAYABLE (T+S+I+P)




12 709,11 




12-19 


Mode of payment 


cheque 



VALIDATION LOG AND REMARKS 



13-2-6 



Validation messages 
Contents 



Green? 

Reference number for attached copy of 
general power of attorney not indicated. 



2/2 

PCT (ANNEX - FEE CALCULATION SHEET) 49769 

Original (for SUBMISSION) - printed on 11.05.2000 09:31:37 AM



13-2-7 


Validation messages 
Fees 


Green? 




Please verify that modified fee amounts 
are correct.



1/1 

PCT 49769 

Original (for SUBMISSION) - printed on 11.05.2000 09:31:37 AM

PCT-EASY INFORMATION SHEET 

(For applicant use only, DO NOT submit this sheet with the international application) 

VALIDATION LOG 



Green? 


Contents 

Reference number for attached copy of general power of attorney not indicated. 


Green? 


Fees 

Please verify that modified fee amounts are correct. 



Before submitting the International Application, please carefully verify that: 

-the information contained on printed Request form is correct; 
-Box IX of the Request form has been signed; 

-all elements of the international application as indicated in Box VIII of the Request form have been attached; and, 
-the diskette containing the PCT-EASY zip file of the International Application has been enclosed and has been clearly 
labeled "PCT-EASY", with the applicant's or agent's file reference, and the first applicant's name. 



ATTENTION

DO NOT modify any indications on the Request form printout. The attached PCT-EASY application has been locked. If an error or an 
omission is discovered at this time, you must copy the submitted application as a template and make the change or correction in a 

new application (using the submitted application as a template). You may create such a template by copying the submitted application 

from the "Stored Forms" folder to the "New PCT Forms" folder. Open the new (.0WO) file created in the "New PCT Forms" folder,
correct the errors and proceed with the submission process again.



From the: 

INTERNATIONAL PRELIMINARY EXAMINING AUTHORITY 



To: 

BERGGREN OY AB 
P.O.Box 16 

00101 Helsinki

FINLANDE

21-02-2001



PCT 



WRITTEN OPINION 
(PCT Rule 66) 



Date of mailing 
(day/month/year) 



16.02.2001 



Applicants or agents file reference 
49769/ML/JK/MM



REPLY DUE within 3 month(s)
from the above date of mailing



International application No. 
PCT/FI00/00421 



International filing date (day/month/year) 
11/05/2000 



Priority date (day/month/year) 
11/06/1999 



International Patent Classification (IPC) or both national classification and IPC 
H04Q7/38 



Applicant 

NOKIA NETWORKS OY et al. 



I 




II 


□ 


III 


□ 


IV 


□ 


V 




VI 


□ 


VII 




VIII 


s 



1. This written opinion is the first drawn up by this International Preliminary Examining Authority. 

2. This opinion contains indications relating to the following items: 



Non-establishment of opinion with regard to novelty, inventive step and industrial applicability 
Lack of unity of invention 

Reasoned statement under Rule 66.2(a)(ii) with regard to novelty, inventive step or industrial a 
citations and explanations supporting such statement 



3. The applicant is hereby invited to reply to this opinion. 

When? See the time limit indicated above. The applicant may, before the expiration of that time limit, 
request this Authority to grant an extension, see Rule 66.2(d). 

How? By submitting a written reply, accompanied, where appropriate, by amendments, according to Rule 66.3. 

For the form and the language of the amendments, see Rules 66.8 and 66.9. 

Also: For an additional opportunity to submit amendments, see Rule 66.4. 

For the examiner's obligation to consider amendments and/or arguments, see Rule 66.4 bis. 
For an informal communication with the examiner, see Rule 66.6. 

If no reply is filed, the international preliminary examination report will be established on the basis of this opinion. 

4. The final date by which the international preliminary 

examination report must be established according to Rule 69.2 is: 11/09/2001.



Name and mailing address of the international 
preliminary examining authority: 
— European Patent Office 

D-80298 Munich 
Tel. +49 89 2399 - 0 Tx: 523656 epmu d 

Fax: +49 89 2399 - 4465 



Authorized officer / Examiner 
Harrysson, A 



Formalities officer (incl. extension of time limits) 
Finnie, A 

Telephone No. +49 89 2399 8251 
I. Basis of the opinion

1. This opinion has been drawn on the basis of (substitute sheets which have been furnished to the receiving Office
in response to an invitation under Article 14 are referred to in this opinion as "originally filed".): 

Description, pages: 

1-11 as originally filed 

as originally filed 

as originally filed 



Claims, No.: 
1-8 

Drawings, sheets: 

1/2-2/2 



2. With regard to the language, all the elements marked above were available or furnished to this Authority in the 
language in which the international application was filed, unless otherwise indicated under this item. 

These elements were available or furnished to this Authority in the following language: , which is: 

□ the language of a translation furnished for the purposes of the international search (under Rule 23.1 (b)). 

□ the language of publication of the international application (under Rule 48.3(b)). 

□ the language of a translation furnished for the purposes of international preliminary examination (under Rule 
55.2 and/or 55.3). 

3. With regard to any nucleotide and/or amino acid sequence disclosed in the international application, the 
international preliminary examination was carried out on the basis of the sequence listing: 

□ contained in the international application in written form. 

□ filed together with the international application in computer readable form. 

□ furnished subsequently to this Authority in written form. 

□ furnished subsequently to this Authority in computer readable form. 

□ The statement that the subsequently furnished written sequence listing does not go beyond the disclosure in 
the international application as filed has been furnished. 

□ The statement that the information recorded in computer readable form is identical to the written sequence 
listing has been furnished. 

4. The amendments have resulted in the cancellation of: 

□ the description, pages: 

□ the claims, Nos.: 
□ the drawings, sheets:



5. □ This report has been established as if (some of) the amendments had not been made, since they have been 
considered to go beyond the disclosure as filed (Rule 70.2(c)): 

(Any replacement sheet containing such amendments must be referred to under item 1 and annexed to this 
report.) 



6. Additional observations, if necessary: 



V. Reasoned statement under Rule 66.2(a)(ii) with regard to novelty, inventive step or industrial applicability;
citations and explanations supporting such statement 

1. Statement 

Novelty (N) Claims 1,4 

Inventive step (IS) Claims 1 -8 

Industrial applicability (IA) Claims



2. Citations and explanations 
see separate sheet 



VII. Certain defects in the international application 

The following defects in the form or contents of the international application have been noted: 
see separate sheet 



VIII. Certain observations on the international application 

The following observations on the clarity of the claims, description, and drawings or on the question whether the 
claims are fully supported by the description, are made:
see separate sheet

Concerning section V.2 (reasoned statement under Rule 66(a)(ii) PCT)

1 The following documents are referred to in this communication; the numbering will 
be adhered to in the rest of the procedure: 

D1 : US 5 475 763 A (CHARLES W. KAUFMAN ET AL) 12 December 1995 
D2: US 5 239 294 A (MARY B. FLANDERS ET AL) 24 August 1993

2 With respect to independent claim 1, document D1 discloses (any references in
parentheses applying to this document) a method for integrity checking of messages 
transmitted between a first and a second party, comprising the steps of: 

a) calculation of authentication value on basis of the message (see e.g. column 
1 at lines 30-32); 

b) calculation of authentication value on basis of a counter value, presented as 
per-message private number (see e.g. column 1 at lines 22-23 and 30-32); 

Present claim 1 differs from document D1 only in that said claim additionally defines 
the method steps of: 

c) calculation of authentication value on basis of a first value being valid for one 
connection only and specified by the first party; 

d) specifying said counter value at least partly by the second party; 

The technical problem to be solved by the present invention may be regarded as 
how to provide security in communication between first and second party in such a 
way that: 

i) a message together with integrity data from one distinct connection is not 
accepted in the next connection; 

ii) values forming the basis for the calculation of authentication values do not have 
to be stored by both parties. 

It is considered that no inventive contribution can be seen in formulating such a 
problem. 

The solution proposed in claim 1 of the present application can not be considered 
as involving an inventive step (Article 33(3) PCT) for the following reasons: 
i) Given the problem (i) stated above, it would be obvious for a skilled person to, 
without the need of any inventive step, let the long-term private number, which 
is already disclosed in D1 (see e.g. column 1 at lines 30-32), be valid for only
one connection. 

ii) Given the problem (ii) stated above, letting the counter value be stored and thus 
specified when needed by only one of the parties, for example the second 
party, is an obvious measure by the skilled person. 

The subject-matter of claim 1 does therefore not involve an inventive step. 

3 The dependent claims 2-8 appear to add nothing novel or of inventive significance 
to those claims to which they are appended. 

Particularly letting the parties be a cellular network/mobile station as set out in claim
2, is already disclosed for similar authentication procedures in D2, see column 1 at
lines 18-23. Using pseudo random values as set out in claim 4 is disclosed in D1,
column 2 at lines 10-11.

Calculating an authentication value also on the basis of a second value as in claim
3, letting a mobile station specify an initial value for the counter value as in claim 5,
letting a mobile station combine said initial value with a counter value for producing
a third value as in claim 6 or using a value stored in the SIM-card of a mobile station
for producing said initial value as in claim 7, seems to relate to routine measures
by a skilled person.

Letting the network be an UMTS network and specifying said first value by a radio 
network controller as in claim 8, seems to relate to routine measures by the skilled 
person not yielding any surprisingly advantageous result. 

Thus, the dependent claims 2-8 either alone or in combination, appear to add 
nothing novel or of inventive significance to claim 1 to which they are appended 
and, therefore, these claims cannot be considered to offer a basis for a patentable 
claim. As a consequence, no allowable combination of claims can be suggested by 
the examiner. 

Concerning section VII (defects in form or content) 

The following defects are present in the application. 



Form PCT/Separate Sheet/408 (Sheet 2) (EPO-April 1997) 



WRITTEN OPINION 
SEPARATE SHEET 



International application No. PCT/FI00/00421 



a) If any amended independent claims are filed, the opening part of the
description, including the summary of the invention, should be brought into
agreement with the wording thereof.

b) In order to meet the requirements of Rule 5.1(a)(ii) PCT, the relevant prior art
presumably document D1 should be acknowledged by reference and briefly
discussed in the introductory part of the description.

c) All the claims should include reference signs in parentheses where features
shown in the drawings are referred to, Rule 6.2(b) PCT.

d) General "spirit" and "scope" statements are unclear, and when used to interpret
the claims renders them also unclear, contrary to Article 6 PCT. The statement
of this kind as set out in the last page of the description should therefore be
deleted.

e) Finally, amendments should be filed by way of replacement pages in the
manner stipulated by Rule 66.8(a) PCT. In particular, fair copies of the
amendments should be filed preferably in triplicate. Moreover, the applicant's attention
is drawn to the fact that, as a consequence of Rule 66.8(a) PCT the examiner
is not permitted to carry out any amendments under the PCT procedure,
however minor these may be.

Concerning section VIII (observations on clarity)

The reference to "said third value" in claim 6 as well as in the description in page 7 at line 
6 is considered as being not clear since no third value is mentioned neither in the 
preceding claims nor in the foregoing text of the description. Also producing a third value 
as set out in claim 6 does not seem to have any technical effect since the use of this value 
is not defined in the claims. 

Our Ref.: 49769/MB/MM
REPLY TO WRITTEN OPINION

INTERNATIONAL PATENT APPLICATION NO. PCT/FI00/00421
APPLICANT: NOKIA NETWORKS OY
TERM: 16 MAY 2001

In response to the Written Opinion dated 16 February 2001 we submit the 
following. 

The applicant respectfully disagrees with the Examiner about the alleged
pertinence of D1.

Firstly, the applicant wants to contest the Examiner's opinion about it being
obvious that the long-term private (or secret) number introduced in D1 could be
valid for one connection only. The disclosure of D1 rests solidly on the basis of
PKI (Public Key Infrastructure), where the keys constitute pairs of public and
secret keys. The needlessly complicated designations "long-term private
number" or "long-term secret number" of D1 simply refer to the message
originator's secret key. The keys of PKI are definitely long-term by nature as
already the name used in D1 suggests. The applicant would like to point out
that D1 specifically discloses the use of per-message secret numbers because a
person skilled in the art would not contemplate sacrificing a long-term key for
one-time use. A factor that is conveniently ignored in D1 but that is both
common knowledge and a good argument in favour of the applicant's opinion
is that a recipient that receives the corresponding public key or "long-term
public number" must somehow ascertain that what he has received really
comes from the party that claims to be the originator and not from a dishonest
pretender. It would be very difficult if not impossible to arrange for proper
authentication of keys if the "long-term numbers" of D1 would not be
long-term at all but only message specific.

Secondly, and even more importantly, the applicant would like to point out that
the method taught in D1 is hopelessly powerless against a so-called replay
attack, which means that a dishonest party somehow manages to record a
message during transmission and resends it later to the same recipient as if it
was a valid message from the real originator. Quite on the contrary, D1
acknowledges literally on lines 55-60 of column 2 that resending the same
message later would result in the signature being the same, which means that
the poor recipient has no means of finding out, whether the latter message was
a proper resent copy from the real originator or whether it was a replayed echo
from an unknown heckler. D1 goes as far as describing such a feature as
"desirable"!

Said severe drawback of the D1 method is at least partly a consequence of the
fact that D1 only discloses transmission of various pieces of information from
the originator to the recipient. If we now move on to use the designations that
appear in the pending claims, we note firstly that the independent claim only
mentions one authentication value on line 2, after which the later reference to
the same concept on line 6 comes with the definite article "the". It is the one
and only authentication value the ingredients of which are a) the message itself,
b) a first, message specific value specified by the first party AND c) a counter
value at least partly specified by the second party, i.e. the recipient. Ingredient
c) has no antecedent basis in the cited reference publications. Taken that we
only speak about one authentication value, the calculation of which takes place
in one location (at the first party, or "originator"), it is evident that the counter
value must be provided from the second party (recipient) to the first party
(originator) prior to the calculation of the authentication value. No cited
reference publication discloses the transmission of a counter value from the
recipient to the originator prior to calculating an authentication value.

In the light of the above-given argumentation the applicant would respectfully 
request positive reconsideration of the merits of the application in unamended 
form.

BERGGREN OYAB 




Matti Brax 
Patent Attorney 

1. This international preliminary examination report has been prepared by this International Preliminary Examining Authority
and is transmitted to the applicant according to Article 36. 



2. This REPORT consists of a total of 5 sheets, including this cover sheet. 

□ This report is also accompanied by ANNEXES, i.e. sheets of the description, claims and/or drawings which have 
been amended and are the basis for this report and/or sheets containing rectifications made before this Authority 
(see Rule 70.16 and Section 607 of the Administrative Instructions under the PCT). 

These annexes consist of a total of sheets. 



3. This report contains indications relating to the following items:

I Basis of the report
II Priority
III Non-establishment of opinion with regard to novelty, inventive step and industrial applicability
IV Lack of unity of invention
V Reasoned statement under Article 35(2) with regard to novelty, inventive step or industrial applicability;
citations and explanations supporting such statement
VI Certain documents cited
VII Certain defects in the international application
VIII Certain observations on the international application

INTERNATIONAL PRELIMINARY EXAMINATION REPORT

International application No. PCT/FI00/00421



I. Basis of the report 

1. With regard to the elements of the international application (Replacement sheets which have been furnished to
the receiving Office in response to an invitation under Article 14 are referred to in this report as "originally filed"
and are not annexed to this report since they do not contain amendments (Rules 70.16 and 70.17)):
Description, pages: 

1-11 as originally filed 

Claims, No.: 

1-8 as originally filed

Drawings, sheets: 

1/2-2/2 as originally filed 

2. With regard to the language, all the elements marked above were available or furnished to this Authority in the 
language in which the international application was filed, unless otherwise indicated under this item. 

These elements were available or furnished to this Authority in the following language: , which is: 

□ the language of a translation furnished for the purposes of the international search (under Rule 23.1 (b)). 

□ the language of publication of the international application (under Rule 48.3(b)). 

□ the language of a translation furnished for the purposes of international preliminary examination (under Rule 
55.2 and/or 55.3). 

3. With regard to any nucleotide and/or amino acid sequence disclosed in the international application, the 
international preliminary examination was carried out on the basis of the sequence listing: 

□ contained in the international application in written form. 

□ filed together with the international application in computer readable form. 

□ furnished subsequently to this Authority in written form. 

□ furnished subsequently to this Authority in computer readable form. 

□ The statement that the subsequently furnished written sequence listing does not go beyond the disclosure in 
the international application as filed has been furnished. 

□ The statement that the information recorded in computer readable form is identical to the written sequence 
listing has been furnished. 

4. The amendments have resulted in the cancellation of: 

□ the description, pages: 

□ the claims, Nos.: 

□ the drawings, sheets:



5. □ This report has been established as if (some of) the amendments had not been made, since they have been 
considered to go beyond the disclosure as filed (Rule 70.2(c)): 

(Any replacement sheet containing such amendments must be referred to under item 1 and annexed to this 
report.) 



6. Additional observations, if necessary: 



V. Reasoned statement under Article 35(2) with regard to novelty, inventive step or industrial applicability; 
citations and explanations supporting such statement 

1. Statement

Novelty (N)                    Yes: Claims 1-8
                               No:  Claims

Inventive step (IS)            Yes: Claims 1-8
                               No:  Claims

Industrial applicability (IA)  Yes: Claims 1-8
                               No:  Claims


2. Citations and explanations 
see separate sheet 



VII. Certain defects in the international application 

The following defects in the form or contents of the international application have been noted: 
see separate sheet



VIII. Certain observations on the international application 

The following observations on the clarity of the claims, description, and drawings or on the question whether the 
claims are fully supported by the description, are made: 
see separate sheet 



Form PCT/IPEA/409 (Boxes I-VIII, Sheet 2) (July 1998)



INTERNATIONAL PRELIMINARY EXAMINATION REPORT - SEPARATE SHEET

International application No. PCT/<APPL>



Concerning section V (reasoned statement under Article 35(2) PCT) 
1 Claim 1 defines a method for integrity checking of messages transmitted between 
a first and a second party. The nearest prior art is represented by document D1 
(US 5 475 763) which discloses such a method wherein an authentication value is 
calculated on basis of the message (see D1 column 1 at lines 30-32) and on basis 
of a counter value, presented as per-message private number (see D1 column 1 
at lines 22-23 and 30-32); 

Present claim 1 differs from document D1 in that said claim additionally defines
the method steps of calculating an authentication value on basis of a first value
being valid for one connection only and specified by the first party, and specifying
said counter value at least partly by the second party.

The technical problem to be solved by the present invention may be regarded as 
how to provide security in communication between first and second party in such 
a way that a message together with integrity data from one distinct connection is 
not accepted in the next connection and values forming the basis for the 
calculation of authentication values do not have to be stored by both parties. 

The solution proposed in claim 1 of the present application is considered as
involving an inventive step since letting the second party specify a value, this
value being a counter value, is neither taught nor suggested by D1. A so-called
replay attack can therefore be encountered by the subject-matter of the
application, but not by the method of D1.

The claimed method is also neither taught nor suggested by the remaining 
documents cited in the search report. 

Thus the subject-matter of claim 1 is considered novel, industrially applicable and 
inventive in the sense of Article 33 PCT. 

I The dependent claims 2-8 all relate to further implementing details of claim 1 and 
are therefore also novel, inventive and industrially applicable. 

Concerning section VII (defects in form or content)

The following defects are present in the application. 

In order to meet the requirements of Rule 5.1(a)(ii) PCT, the relevant prior art, 
document D1, should have been acknowledged by reference and briefly discussed in 
the introductory part of the description. 

The claims do not include reference signs in parentheses where features shown in the 
drawings are referred to, contrary to Rule 6.2(b) PCT. 

General "spirit" and "scope" statements are unclear, and when used to interpret the
claims renders them also unclear, contrary to Article 6 PCT. The statement of this kind
as set out in the last page of the description should have been deleted.

Concerning section VIII (observations on clarity) 

The reference to "said third value" in claim 6 as well as in the description in page 7 at 
line 6 is considered as being not clear since no third value is mentioned neither in the 
preceding claims nor in the foregoing text of the description. Also producing a third 
value as set out in claim 6 does not seem to have any technical effect since the use of 
this value is not defined in the claims. 

FOR FURTHER ACTION: see Notification of Transmittal of International Search Report
(Form PCT/ISA/220) as well as, where applicable, item 5 below.


International application No.: PCT/FI 00/00421

International filing date (day/month/year): 29 May 2000

(Earliest) Priority Date (day/month/year): 11 May 1999

Applicant: NOKIA NETWORKS OY



This international search report has been prepared by this International Searching Authority and is transmitted to the 
applicant according to Article 18. A copy is being transmitted to the International Bureau. 



This international search report consists of a total of sheets.



| X | It is also accompanied by a copy of each prior art document cited in this report. 



1. | | Certain claims were found unsearchable (See Box I) 

2. |^J Unity of invention is lacking (See Box II). 



The international application contains disclosure of a nucleotide and/or amino acid sequence listing and the
international search was carried out on the basis of the sequence listing

□ filed with the international application.

□ furnished by the applicant separately from the international application,

  □ but not accompanied by a statement to the effect that it did not include
  matter going beyond the disclosure in the international application as filed.

□ transcribed by this Authority



4. With regard to the title,

[x] the text is approved as submitted by the applicant.

□ the text has been established by this Authority to read as follows:



5. With regard to the abstract,

[x] the text is approved as submitted by the applicant.

□ the text has been established, according to Rule 38.2(b), by this Authority as it appears
in Box III. The applicant may, within one month from the date of mailing of this
international search report, submit comments to this Authority.

6. The figure of the drawings to be published with the abstract is:

Figure No. 1 [x] as suggested by the applicant. □ None of the figures.

□ because the applicant failed to suggest a figure.
□ because this figure better characterizes the invention.

Integrity protection method for radio network signaling



TECHNICAL FIELD OF THE INVENTION 

The invention is directed to a method for checking the integrity of messages
between a mobile station and the cellular network. Particularly, the invention is
directed to such a method as described in the preamble of Claim 1.

BACKGROUND OF THE INVENTION 

All telecommunication is subject to the problem of how to make sure that the
received information is sent by an authorized sender and not by somebody who is
trying to masquerade as the sender. The problem is evident in cellular
telecommunication systems, where the air interface presents an excellent platform for
eavesdropping and replacing the contents of a transmission by using higher
transmission levels, even from a distance. A basic solution to this problem is
authentication of the communicating parties. An authentication process aims to
discover and check the identity of both of the communicating parties, so that each
party receives information about the identity of the other party, and can trust the
identity to a sufficient degree. Authentication is typically performed in a specific
procedure at the beginning of the connection. However, this leaves room for
unauthorized manipulation, insertion, and deletion of subsequent messages. Thus,
there is a need for separate authentication of each transmitted message. The latter
task can be done by appending a message authentication code (MAC) to the
message at the transmitting end, and checking the MAC value at the receiving end.

A MAC is typically a relatively short string of bits, which depends in some
specified way on the message it protects and on a secret key known both by the
sender and by the recipient of the message. The secret key is generated and agreed
typically in connection with the authentication procedure in the beginning of the
connection. In some cases the algorithm that is used to calculate the MAC based on
the secret key and the message is also secret but this is not usually the case.

The process of authentication of single messages is often called integrity protection.
To protect the integrity of signaling, the transmitting party computes a MAC value
based on the message to be sent and the secret key using the specified algorithm, and
sends the message with the MAC value. The receiving party recomputes a MAC
value based on the message and the secret key according to the specified algorithm,
and compares the received MAC and the calculated MAC. If the two MAC values
match, the recipient can trust that the message is intact and sent by the supposed
party. One may note in passing, that integrity protection does not usually include
protection of confidentiality of the transmitted messages.

Integrity protection schemes are not completely perfect. A third party can try to
manipulate and succeed in manipulating a message transmitted between a first and a
second party. There are two main alternative methods for forging a MAC value for a
modified or a new message, namely by obtaining the secret key first, and by trying
directly without the secret key.

The secret key can be obtained by a third party basically in two ways:

- by computing all possible keys until a key is found, which matches with data of 
observed message-MAC pairs, or by otherwise breaking the algorithm for producing 
MAC values; or 

- by directly capturing a stored or transmitted secret key. 

The original communicating parties can prevent a third party from obtaining the
secret key by using an algorithm that is cryptographically strong and which uses a
long enough secret key to prevent exhaustive search of all keys, and using other
security means for transmission and storage of secret keys.

A third party can try to disrupt messaging between the two parties without a secret
key basically by guessing the correct MAC value, or by replaying of some earlier
message transmitted between the two parties, for which message the correct MAC is
known from the original transmission.

Correct guessing of the MAC value can be prevented by using long MAC values.
The MAC value should be long enough to reduce the probability of guessing right to
a sufficiently low level compared to the benefit gained by one successful forgery.
For example, using a 32 bit MAC value reduces the probability of a correct guess to
1/4 294 967 296, which is small enough for most applications.

Obtaining a correct MAC value using the replay attack i.e. by replaying an earlier
message can be prevented by introducing a varying parameter to the calculation of
the MAC values. For example, a time stamp value, a sequence number, or a random
number can be used as a further input to the MAC algorithm in addition to the secret
integrity key and the message. The present invention is associated with this basic
method. In the following, the prior art methods are described in more detail.

When using a time stamp value, each communicating party needs to have access
to a reliable clock in order to be able to calculate the MAC in the same way. The
problem with this approach is the need for the reliable clock. The clocks of both
parties must be very accurate and very accurately synchronized. However, this
condition is unacceptable in cellular telecommunication systems: both parties, i.e.
the mobile station (MS) and the network, do not have access to a clock that is
reliable enough.

When using sequence numbers, each party has to keep track of those sequence
numbers that have already been used and are not acceptable any more. The easiest
way to implement this is to store the highest sequence number used in MAC
calculations so far. This approach has the drawback that between connections each
party must maintain state information which is at least to some level synchronized.
That is, they need to store the highest sequence number used so far. This requires
the use of a large database at the network side.

A further approach is to include a random number in each message, which the other
side must use in the MAC calculation the next time it sends a message for
which MAC authentication is required. This approach has the same drawback as the
previous one, i.e. between connections each party must maintain state information,
which requires the use of a large database at the network side.

SUMMARY OF THE INVENTION

An object of the invention is to realize a method for integrity checking, which 
avoids the problems associated with prior art. A further object of the invention is to 
provide a method for integrity checking, which does not require storage of state 
information on the network side. 

The objects are reached by using two time-varying parameters in MAC calculation,
one of which is generated by the mobile station, and the other by the network. The
parameter specified by the network is used in one session only, and is transmitted to
the mobile station in the beginning of the connection. The parameter specified by
the mobile station is stored in the mobile station between connections in order to
allow the mobile station to use a different parameter in the next connection. The
parameter specified by the mobile station is transmitted to the network in the
beginning of the connection.

The method according to the invention is characterized by that, which is specified in
the characterizing part of the independent method claim. The dependent claims
describe further advantageous embodiments of the invention.

According to the invention, both parties specify a varying parameter to be used in
the generation of MAC values. On the network side in a mobile network, all state
information about the particular user can be discarded after the connection is
released. According to the invention, both a sequence number and a network
specified value such as a pseudorandom number are used in calculation of the MAC
value. In the beginning of the connection, the mobile station determines the initial
value used for the sequence counting, and transmits the value to the network. In
addition to the initial value, a counter value is used. The initial value and the
counter value are concatenated, added or combined in some other way to produce
the parameter to be used in the calculation of the MAC value of a message. One
way of combining the two values is using the initial value as the starting value of the
counter, which corresponds to the addition of the counter value and the initial value.
The invention does not limit which counter values are used in the inventive method.
A suitable value is for example the protocol data unit (PDU) number of the radio
link control (RLC) protocol, i.e. the RLC PDU number. Another suitable value is
the use of a counter, which is incremented at fixed intervals, for example every 10
milliseconds. Preferably, a counter such as the RLC PDU counter which is already
present in mobile stations and in the network is used in a method according to the
invention. Further, also counters associated with ciphering of data over the radio
interface can be used in a method according to the invention. Further, the invention
does not limit which initial value is used in the inventive method. For example, the
current hyperframe number at the time of initiating of the connection can be used as
the initial value. Further, the counter values do not need to be transmitted after the
transmission of the initial value, since both sides of the connection can update the
counters in the same way during the connection, preserving synchronization.
Preferably, when a connection is released, the mobile station stores into its memory
the initial value used in the connection or at least the most significant bits of the
initial value, which allows the mobile station to use a different initial value next
time. The mobile station can save the information for example in the SIM
(Subscriber Identity Module) card or another memory device, for allowing the
mobile station to use a value previously stored in the SIM card of the mobile station
in specifying the initial value.

The network specifies the random number, or in practice a pseudorandom number in
the beginning of the connection. The random number is session specific, i.e. it does
not need to be changed within a connection or transmitted to the mobile station
more than once in the beginning of the connection, and neither does it need to be
stored in the network between connections. Advantageously, the network element
generating the random number and taking care of MAC value generation and
checking of received messages and MAC values is the radio network controller
(RNC). However, the invention is not limited to that, since these functions can be
realized in many other network elements as well. The use of RNC is advantageous,
since in that case the core network of the cellular telecommunication system does
not need to participate in integrity checking of single messages, and since radio
access network messaging may also need to be protected by integrity checking.

The invention allows both sides of the connection to perform integrity checking.
Since the network specifies a random value in the beginning of the connection, a
mobile station of a hostile party cannot successfully perform a replay attack by
replaying a message recorded from a previous connection. Since the mobile station
specifies the initial value for the connection, replay attacks from a bogus network
element operated by a hostile party will not succeed.

BRIEF DESCRIPTION OF THE DRAWINGS 

The invention is described in more detail in the following with reference to the
accompanying drawings, of which

Figure 1 illustrates an advantageous embodiment of the invention,

Figure 2 illustrates a method according to an advantageous embodiment of the
invention, and

Figure 3 illustrates signalling according to an advantageous embodiment of the
invention.

Same reference numerals are used for similar entities in the figures.

DETAILED DESCRIPTION

Figure 1 illustrates a way of calculating the MAC value according to the invention.
The IK is the secret integrity key, which is generated during a mobile station
authentication procedure in the beginning of a connection. Because the same IK key
is used to authenticate many messages possibly even during many consecutive
connections, time-varying parameters are needed to avoid hostile attacks during the
connection. For that purpose, a counter value COUNT and a random value
RANDOM are used in the MAC calculation as well. According to the invention, a
message 1 and the IK, COUNT, and RANDOM values are input into a calculation
means 10, which calculates a MAC value according to the inputs and the particular
authentication algorithm. We note here, that the invention is not limited to any
specific way of calculating the MAC value from the inputs illustrated in figure 1.
The invention is not limited to any specific lengths of the input values. For example,
for the UMTS (Universal Mobile Telecommunication System) cellular system
suitable lengths are 128 bits for the IK value, 32 bits for the COUNT value, 32 bits
for the RANDOM value, and 16 bits for the MAC value. However, other lengths
could be used even for the UMTS system, and other inputs can be used in addition
to these values.

If a new IK value is generated in an authentication process in the beginning of the
current connection, the mobile station can reset the initial value of COUNT, since
the new IK value provides security against replay attacks. The storing of the initial
value or a part of it for use with the next connection is necessary, since the IK value
might not change, when the next connection is established. This is very probable for
example when using a multifunction mobile station in the UMTS system, since the
mobile station can have multiple simultaneous connections of various types, and
establish and release new connections during a single communication session. The
network does not necessarily perform full authentication for each new connection,
whereby the mobile station will not always receive a new IK value for each new
connection. However, when the IK is changed, the mobile station can reset the
initial COUNT values without danger of compromising security.

Figure 2 illustrates a method according to an advantageous embodiment of the 
invention. Figure 2 illustrates a method for integrity checking of a message 
transmitted during a connection between a cellular telecommunication network and 
a mobile station. 

In the first step 50, the transmitting party calculates the authentication value (MAC)
of the message on the basis of the message, a first value specified by the network,
said first value being valid for one connection only, a second value specified at least
in part by the network, and a third value at least partly specified by the mobile
station. Preferably, said first value is a pseudorandom value such as the RANDOM
value described previously. Further, said third value is preferably a counter value
such as the COUNT value described previously, which value is incremented during
the connection. For example, the RLC PDU value can be used for generation of the
COUNT value. As described previously, the mobile station specifies an initial value
for the counter value in the beginning of the connection. The initial value can be
used as a starting value for a counter producing the COUNT values, or the initial
value can be combined with some other counter value such as the RLC PDU value
for producing said third value.

In the next step 52, the message is transmitted from the transmitting party to the
receiving party, which calculates a second MAC value as described previously, and
compares the received MAC value and the calculated MAC value in step 56. If they
are found to be equal, the message is accepted in step 58, and if they are found to be
unequal, the message is rejected in step 60. In the case of uplink messaging, the
steps of calculation 54 and comparison 56 can advantageously be performed by a
radio network controller in the cellular telecommunication network. The method of
figure 2 is used for checking the integrity of at least some of uplink and downlink
messages.
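
The integrity check of figure 2 and its resistance to replay can be illustrated with the following added example, which is not part of the original specification. It assumes HMAC-SHA-256 truncated to 16 bits as a stand-in for the unspecified authentication algorithm; the names compute_mac, Receiver and replay_outcomes, and all IK, COUNT, RANDOM and message values, are constructed for illustration.

```python
import hashlib
import hmac
import struct

MAC_BYTES = 2  # 16-bit MAC, the length the text suggests for UMTS

def compute_mac(ik: bytes, count: int, random: int, message: bytes) -> bytes:
    # Assumed stand-in for calculation means 10: truncated HMAC-SHA-256.
    params = struct.pack(">II", count, random)  # 32-bit COUNT, 32-bit RANDOM
    return hmac.new(ik, params + message, hashlib.sha256).digest()[:MAC_BYTES]

class Receiver:
    """Receiving party of one connection (steps 54 to 60 of figure 2)."""

    def __init__(self, ik: bytes, random: int, initial_count: int):
        self.ik, self.random, self.count = ik, random, initial_count

    def accept(self, message: bytes, mac: bytes) -> bool:
        expected = compute_mac(self.ik, self.count, self.random, message)
        if not hmac.compare_digest(expected, mac):
            return False  # step 60: reject
        self.count += 1   # COUNT is incremented during the connection
        return True       # step 58: accept

def replay_outcomes() -> dict:
    ik = bytes(range(16))  # constructed 128-bit IK, reused by every connection below
    old_random, old_count = 0x1111AAAA, 100  # constructed values of connection A
    msg = b"constructed signalling message"
    mac = compute_mac(ik, old_count, old_random, msg)  # as sent on connection A

    conn_a = Receiver(ik, old_random, old_count)
    genuine = conn_a.accept(msg, mac)
    same_connection = conn_a.accept(msg, mac)  # receiver's COUNT is now 101

    # Next connection, IK unchanged: the network specifies a fresh RANDOM, so the
    # recorded uplink message no longer verifies even with the same COUNT.
    uplink = Receiver(ik, 0x2222BBBB, old_count).accept(msg, mac)
    # A bogus network element may repeat the old RANDOM, but the mobile station
    # specifies a new initial COUNT, so the recorded downlink message fails too.
    downlink = Receiver(ik, old_random, old_count + 1000).accept(msg, mac)
    return {"genuine": genuine, "same_connection": same_connection,
            "uplink_next_connection": uplink, "downlink_next_connection": downlink}
```
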

Figure 3 illustrates one example of how to initiate a connection according to an
advantageous embodiment of the invention. Figure 3 shows an advantageous
solution to the problem of how to exchange two initial values for the purposes of
integrity checking. We note here that the signalling sequence shown in figure 3 is in
no way limited to passing only the COUNT and RANDOM values described
previously. Signalling according to figure 3 can be used for exchange of any two
keys in the beginning of a connection. Figure 3 shows as an example signalling
associated with a mobile originated call, but corresponding signalling sequences can
be used also in other situations, such as in establishing a mobile terminating call, or
in a paging response procedure.

Figure 3 shows a particular example of a method according to the invention. The
central idea in figure 3 is, that the RNC stores the message or messages received
from the mobile station and authenticated with a MAC value until the time, when it
is able to check the MAC value of the message(s). If one or all of the MAC values
are later found to be false, the network can then decide, if it should discard the
initiated connection.

Figure 3 illustrates signalling between a mobile station MS 20, a radio network
controller RNC 30, and core network CN 40 in a situation, in which the mobile
station initiates a connection. Figure 3 illustrates the signalling using terminology of
the UMTS system. In the first step 100, the mobile station sends the initial
connection request message RRC SETUP REQ to the network. After receiving the
connection request message, the RNC generates the RANDOM value, after which
the RNC replies by sending 105 an acknowledgment message ACK to the mobile
station. The RNC specifies the RANDOM value to the mobile station by attaching
the value as a parameter to the ACK message, which is shown in figure 3 by the
label RANDOM appearing under the arrow 105. After receiving the
acknowledgment and the RANDOM value, the mobile station needs to send the
initial COUNT value to the network. This can be realized basically in two ways: by
defining a new message for that purpose, for example in the RRC level, or by
attaching the COUNT value as a parameter to an existing message. Arrow 110
denotes the former approach, i.e. denotes a message specifically defined for
transmitting the COUNT value. Arrow 115 denotes the latter approach, i.e.
attaching the COUNT value as a parameter to an existing message. In the example
of figure 3, the existing message is a CM SERV REQ message. Further, also an IK
key identification number may be transmitted as a parameter to the message. During
an authentication process in which an IK is generated, each IK is assigned an
identification number, whereafter the MS and the network may refer to the IK
simply by using the identification number.

In the example of figure 3, the mobile station sends a classmark service request
message CM SERV REQ to the network, specifying a temporary identifier TMSI
and a capability class identifier CM2 to the network. If a specific message was not
used to transport the initial COUNT value to the network, the initial COUNT value
is passed to the network as a further parameter to the CM SERV REQ message.
Further, the mobile station transmits a MAC value calculated on the basis of the
COUNT and RANDOM values, and an IK value received and stored during a
previous connection. Upon receiving the message, the RNC removes and stores the
MAC value from the message as well as the possibly existing COUNT value, and
forwards 120 the rest of the message to the core network. The RNC stores the whole
message as well for later use, which will be described later. According to UMTS
specifications, the core network may perform an authentication procedure at this
stage, which is represented by arrows 125 and 130 in figure 3, corresponding to
authentication request AUTH REQ and authentication response AUTH RSP
messages.

The next step depends on whether the network has an IK value for the mobile
station or not. If the network performed the authentication in steps 125 and 130, the
network has the IK value determined in the authentication. Alternatively, the
network may have an old IK value stored in relation to a previous connection. The
IK value is stored in the core network registers. If the network has an IK value, the
method continues at step 135; if not, at step 150. This is represented by step 132
and the associated dashed arrow in figure 3.

In step 135, the core network sends a ciphering mode CIPH MODE message to the
RNC, attaching the ciphering key CK and the IK value as parameters to the
message. With this message, the CN supplies the IK value to the RNC, which was
previously unaware of the IK value, if the authentication procedure was not
performed at steps 125 and 130. At this stage, the RNC is able to check the CM
SERV REQ message stored at step 115, since it now has the COUNT, the
RANDOM, and the IK values necessary for calculating the MAC value of the
message. The RNC calculates a MAC value and compares 137 it to the MAC value
stored previously at step 115. If they match, the method continues at step 140. If they
do not match, the method continues at step 160.

In step 140, the RNC sends to the MS a CIPHERING COMMAND message to start
ciphering, to which the MS replies 145 by sending a ciphering response message
CIPHERING RSP back to RNC. After that, the communication continues normally,
and the continuation is not depicted in figure 3.

In step 150, the network performs an authentication process, which is represented
by arrows 150 and 155 in figure 3, corresponding to authentication request AUTH
REQ and authentication response AUTH RSP messages. After that, the core
network informs the RNC about the new IK (not shown).

At this stage the RNC needs to make sure, that the MS is the correct one and can
calculate the MAC values accordingly. The RNC can perform for example a
classmark request procedure or some other suitable procedure to that effect. That is,
the RNC sends 160 a classmark request CLASSMARK REQ message to the MS,
which replies by sending 165 a response message RSP back to the RNC, attaching
the classmark information CM2 as a parameter to the message, and the calculated
MAC value at the end of the message. Now the RNC can again check the MAC, and
if no hostile party has replayed any of the previous messages, the MAC values
calculated by the RNC and the MS will match, since the three key values IK,
RANDOM, and COUNT are now known both to the MS and the RNC. After
receiving the classmark response message RSP, the RNC sends 170 the classmark
information in a CLASSMARK message to the core network, as required by the
UMTS specifications.
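
The deferred check of figure 3, in which the RNC holds the CM SERV REQ message until the core network supplies the IK, is shown in the following added example, which is not part of the original specification. It assumes HMAC-SHA-256 truncated to 16 bits as the MAC algorithm; the names mac16, Rnc and set_up, the message payload and the COUNT value are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import struct

def mac16(ik: bytes, count: int, random: int, message: bytes) -> bytes:
    # Assumed stand-in algorithm: HMAC-SHA-256 truncated to a 16-bit MAC.
    data = struct.pack(">II", count, random) + message
    return hmac.new(ik, data, hashlib.sha256).digest()[:2]

class Rnc:
    """Hypothetical RNC state for one connection set-up (figure 3)."""

    def __init__(self):
        self.random = None
        self.pending = None  # (message, COUNT, MAC) waiting for an IK

    def on_rrc_setup_req(self) -> int:
        self.random = secrets.randbits(32)  # step 105: RANDOM goes out in the ACK
        return self.random

    def on_cm_serv_req(self, message: bytes, count: int, mac: bytes) -> bytes:
        # Step 115: the IK is not known yet, so COUNT and MAC are stored with
        # the whole message and the rest is forwarded to the core network (120).
        self.pending = (message, count, mac)
        return message

    def on_ciph_mode(self, ik: bytes) -> str:
        # Step 135 delivers the IK; step 137 checks the stored message.
        message, count, mac = self.pending
        self.pending = None
        expected = mac16(ik, count, self.random, message)
        if hmac.compare_digest(expected, mac):
            return "CIPHERING COMMAND"  # step 140
        return "CLASSMARK REQ"          # step 160

def set_up(ms_ik: bytes, cn_ik: bytes) -> str:
    """Run the mobile-originated set-up with the IKs held by the MS and the CN."""
    rnc = Rnc()
    random = rnc.on_rrc_setup_req()
    message, count = b"CM SERV REQ|TMSI|CM2", 4096  # constructed payload and COUNT
    rnc.on_cm_serv_req(message, count, mac16(ms_ik, count, random, message))
    return rnc.on_ciph_mode(cn_ik)
```
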
Although in the previous description, the network is described to specify a random
number to be used as the network-specified varying parameter, also other than
random values can be used. For example, although being a less advantageous
example of an embodiment of the invention, the network may use a counter value,
and store the counter value in a central register in order to be able to use a different
value during the next connection. Naturally, this embodiment has the disadvantage
of the burden of storage of the values of the users to be used in the following
connections.

In the previous examples, the invention has been described in relation to a cellular
telecommunication system. The invention can be very advantageously used in such
a system, since it requires very little messaging, and thus uses only a diminutive
amount of valuable air interface resources. However, the invention can be applied
also in other communication systems.

The invention has several advantages. For example, according to most advantageous
embodiments there is no need for maintaining synchronized state information
between different connections. That is, these embodiments do not require the
network to store any counter information for effecting the integrity checking which
is a considerable advantage, since such storage would have to be effected in a
central register such as the VLR (Visitor Location Register) or the HLR (Home
Location Register). According to these most advantageous embodiments, all state
information about the connection can be discarded on the network side in a mobile
network after the connection is released. The invention allows the integrity checking
to be performed by a network element outside the core network, such as the RNC in
the case of the UMTS cellular system.

The invention does not specify any upper limit for the number of values used in
calculation of MAC values. Any other values in addition to those described for
example in relation to figure 1 may be used as well. Further, the invention does not
limit, which messages are subjected to integrity checking: all messages, a certain
group of messages, or messages selected in some other way.

The name of a given functional entity, such as the radio network controller, is often
different in the context of different cellular telecommunication systems. For
example, in the GSM system the functional entity corresponding to a radio network
controller (RNC) is the base station controller (BSC). Therefore, the term radio
network controller is intended to cover all corresponding functional entities
regardless of the term used for the entity in the particular cellular
telecommunication system. Further, the various message names such as the RRC
SETUP REQ message name are intended to be examples only, and the invention is
not limited to using the message names recited in this specification.

In view of the foregoing description it will be evident to a person skilled in the art
that various modifications may be made within the scope of the invention. While a
preferred embodiment of the invention has been described in detail, it should be
apparent that many modifications and variations thereto are possible, all of which
fall within the true spirit and scope of the invention.
Claims

1. Method for integrity checking of messages transmitted during a connection
between a first party and a second party, in which method an authentication value is
calculated for a message,

characterized in that the method comprises steps, in which

the authentication value of a message is calculated on the basis of

- the message,

- a first value specified by the first party, said first value being valid for one
connection only,

- a counter value at least partly specified by the second party.

2. A method according to claim 1, characterized in that said first party is a
cellular telecommunication network and said second party is a mobile station.

3. A method according to claim 1, characterized in that the authentication value
of a message is calculated also on the basis of a second value specified at least in
part by the first party.

4. A method according to claim 1, characterized in that said first value is a
pseudorandom value.

5. A method according to claim 2, characterized in that the mobile station
specifies an initial value for the counter value.

6. A method according to claim 2, characterized in that the mobile station
specifies an initial value which is combined with a counter value for producing said
third value.

7. A method according to claim 5, characterized in that the mobile station uses a
value previously stored in the SIM card of the mobile station in specifying said
initial value.

8. A method according to claim 1, characterized in that said cellular
telecommunication network is an UMTS network, and said first value is specified by a
radio network controller.